CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Amazon Linux 2023 : python3-mako (ALAS2023-2026-1846)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1846 advisory. Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an...

8.7CVSS5.9AI score0.00361EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:11 p.m.•10 views

CVE-2026-44307

A flaw was found in Mako, a Python template library. A remote attacker could exploit a directory traversal vulnerability by crafting a Uniform Resource Identifier URI with backslash traversal. This bypasses security checks, allowing the attacker to read files outside the intended template...

8.7CVSS5.3AI score0.00609EPSS

Exploits1References7

Vulnrichment•added 2026/06/04 2:17 p.m.•8 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS6.5AI score0.00434EPSS

Exploits0References2

Cvelist•added 2026/06/04 2:17 p.m.•35 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

9.3CVSS0.00434EPSS

Exploits0References2

CVE•added 2026/06/04 2:17 p.m.•11 views

CVE-2026-41065

Tautulli versions prior to 2.17.1 are vulnerable to unauthenticated/authenticated remote code execution via the newsletter custom template directory feature. On a fresh install (before setup wizard completion) or on an installed system with credentials, an attacker can create a newsletter agent a...

9.3CVSS6.5AI score0.00434EPSS

Exploits0References2

NVD•added 2026/05/12 10:16 p.m.•14 views

CVE-2026-44307

Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the...

8.7CVSS0.00609EPSS

Exploits1References4

OSV•added 2026/05/12 10:16 p.m.•7 views

UBUNTU-CVE-2026-44307

8.7CVSS5.8AI score0.00609EPSS

Exploits1References6

Debian CVE•added 2026/05/12 9:53 p.m.•9 views

CVE-2026-44307

8.7CVSS5.8AI score0.00609EPSS

Exploits1

Cvelist•added 2026/05/12 9:53 p.m.•33 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

8.7CVSS0.00609EPSS

Exploits1References4

Vulnrichment•added 2026/05/12 9:53 p.m.•6 views

CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup

8.7CVSS5.8AI score0.00609EPSS

Exploits1References4

CVE•added 2026/05/12 9:53 p.m.•16 views

CVE-2026-44307

CVE-2026-44307 describes a Windows-specific path traversal in the Mako template library prior to 1.3.12. A URI using backslash traversal (for example, \..\..\secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_templat...

8.7CVSS5.8AI score0.00609EPSS

Exploits1References4

OSV•added 2026/05/06 9:45 p.m.•7 views

GHSA-2H4P-VJRC-8XPQ Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup

Summary On Windows, a URI using backslash traversal e.g. ....\ secret.txt bypasses the directory traversal check in Template.init and the posixpath-based normalization in TemplateLookup.gettemplate, allowing reads of files outside the configured template directory. Details The root cause is a...

8.7CVSS5.8AI score0.00609EPSS

Exploits1References6

SUSE CVE•added 2026/04/25 1:35 a.m.•3 views

SUSE CVE-2026-41205

Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g., //../../../secret.txt. The root cause is an inconsistency between two slash-stripping implementations. Any file readable by the process can be...

7.5CVSS5.3AI score0.00361EPSS

Exploits0References6

UbuntuCve•added 2026/04/24 12:0 a.m.•3 views

CVE-2026-41205

8.7CVSS5.8AI score0.00361EPSS

Exploits0References3

OSV•added 2026/04/24 12:0 a.m.•1 views

UBUNTU-CVE-2026-41205

8.7CVSS5.8AI score0.00361EPSS

Exploits0References4

NVD•added 2026/04/23 7:17 p.m.•5 views

CVE-2026-41205

8.7CVSS0.00361EPSS

Exploits0References3

Debian CVE•added 2026/04/23 6:52 p.m.•6 views

CVE-2026-41205

8.7CVSS5.3AI score0.00361EPSS

Exploits0

EUVD•added 2026/04/23 6:52 p.m.•9 views

EUVD-2026-25279

8.7CVSS5.7AI score0.00361EPSS

Exploits0References1

Tenable Nessus•added 2026/04/23 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.gettemplate is vulnerable to path traversal when a URI starts with // e.g.,...

8.7CVSS5.8AI score0.00361EPSS

Exploits0References3

AlmaLinux•added 2023/05/16 12:0 a.m.•27 views

Moderate: python-mako security update

Mako is a template library written in Python. It provides a familiar, non-XML syntax which compiles into Python modules for maximum performance. Security Fixes: mako: REDoS in Lexer class CVE-2022-40023 For more details about the security issues, including the impact, a CVSS score, acknowledgment...

7.5CVSS6.7AI score0.01656EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by